wycats / merb

Branches (2)
- 1.0.x
- master
Tags (25)
- v0.9.4
- v0.9.3
- v0.9.2
- v0.9.1
- v0.9.0
- 1.0.12
- 1.0.10
- 1.0.9
- 1.0.8.1
- 1.0.8
- 1.0.7.1
- 1.0.7
- 1.0.6.1
- 1.0.6
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0
- 0.9.13
- 0.9.12
- 0.9.11
- 0.9.10
- 0.9.9

master merb branch — Read more

http://www.merbivore.com

This URL has Read+Write access

Look for Merb, not Merb::Plugins

wycats (author)

Wed Oct 29 23:50:08 -0700 2008

commit fc92683ae1189ea4f97db90d7b15852224293cf8
tree b76da7a512076fffc7b7ca4f91ef02a244985ba0
parent 8a0fc6fd3448b1e271936a09035cb9cc28ae1cea

merb / merb-auth

name	age	history message
..
.gitignore		Loading commit data...
LICENSE
README.textile
Rakefile
TODO	Fri Jan 18 11:25:19 -0800 2008	Leftover files [wycats]
lib/
merb-auth-core/
merb-auth-more/
merb-auth-slice-password/

merb-auth/README.textile

MerbAuth – Merb Merb::Authentication

An extensible architecture for authentication

Speaks fluent HTTP, even the errors
Pluggable Architecture (so that you can use any authentication algorithms you like)
Cascading Merb::Authentication (if one method fails, another is attempted, then another. When no methods succeed, authentication fails)

Principles

Sessions are authenticated
Just because one method of authentication fails doesn’t mean the session, can’t be authenticated another way. This is especially true if your application has an external API as well as a public interface.
HTTP has built-in Errors which every web-browser (should) know how to speak. If you’re application speaks in HTTP Verbs (GET, POST, PUT, DELETE), it should also serve the correct HTTP Errors when things go wrong.

What is it

The merb-auth gem is the default implementation of merb-auth-core and merb-auth-more for
the default Merb Stack. Included are:

merb-auth-slice-password # A basic slice that provides login and logout functionality

Strategies:
:default_password_form # Form based login via a “login” field and “password” field
:default_basic_auth # Basic authentication

Mixins:
redirect_back # For redirect_back_or functionality
salted_user # Automtaically provides the required methods on your user model

Get merb-auth

merb-auth is bundled with the merb gem. To get it as stand alone you can get it two ways.

Gem Style
sudo gem install merb-auth

From Source


git clone http://github.com/wycats/merb.git
cd merb/merb-auth
sudo rake install

Basic Setup

Application Setup (Stack)

When you generate your application with merb-gen app my_app your almost ready to go.

You’ll need something to protect merb-gen resource foos

You’ll need to make your database: rake db:automigrate

Also you need a user


  $ merb -i
  >> u = User.new(:login => "homer")
  >> u.password = u.password_confirmation = "sekrit"
  >> u.save

No you should setup authentication for the things you want to protect:


  # config/router.rb
  authenticate do
    resources :foos
  end

You can protect your controller at an action level also


  # app/controllers/foos.rb 
  before :ensure_authenticated

Fire It Up!

merb

Customize your setup

In the Merb.root/merb/merb-auth directory there are a couple of files that
are generated for you by the stack generator. These are setup.rb and strategies.rb

By default these setup merb-auth to work with the default stack. To customize it,
modify these two files to get the results you want. Serialize in and out of the session,
change the user model for use with the default strategies.

You can of course not use the default strategies and declare your own, or mix and match them.

Configure your routes in the config/router.rb file.